Lucene search
+L

77 matches found

OSV
OSV
added 2025/02/11 12:0 a.m.18 views

ALSA-2025:1301 Moderate: gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the security issues, including...

6.9CVSS7.4AI score0.8383EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 2025/02/10 10:26 p.m.9 views

Moderate: Red Hat Security Advisory: doxygen security update

An update for doxygen is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.9CVSS7.2AI score0.8383EPSS
Exploits6References2
AlmaLinux
AlmaLinux
added 2025/02/10 12:0 a.m.11 views

Moderate: tbb security update

Threading Building Blocks TBB is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the securit...

6.9CVSS7.7AI score0.8383EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2025/02/07 12:0 a.m.29 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2025:1070)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:1070 advisory. A high-level Python Web framework Security Fixes: python-django20: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation method...

6.9CVSS7.5AI score0.8383EPSS
Exploits6References5
NVD
NVD
added 2025/01/15 11:15 a.m.17 views

CVE-2025-0439

Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00268EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.8 views

PT-2025-1285 · Microsoft +5 · Edge +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in Compositing, allowing a remote attacker to perform UI spoofing via a crafted...

9.6CVSS6.1AI score0.19272EPSS
Exploits27References264
Fedora
Fedora
added 2024/03/07 10:33 p.m.28 views

[SECURITY] Fedora 40 Update: jsoup-1.17.2-2.fc40

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern...

8.8CVSS8.9AI score0.02578EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.136 views

K66544153: jQuery vulnerability CVE-2020-11023

Security Advisory Description In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This probl...

6.9CVSS6.6AI score0.8383EPSS
Exploits6Affected Software13
Prion
Prion
added 2022/12/14 2:15 p.m.17 views

Design/Logic Flaw

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

5CVSS7.1AI score0.01686EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/14 2:15 p.m.32 views

CVE-2022-23516

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

7.5CVSS6.6AI score0.01104EPSS
Exploits0References2
Fedora
Fedora
added 2022/10/25 1:13 p.m.50 views

[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.8CVSS0.5AI score0.22791EPSS
Exploits2
Fedora
Fedora
added 2022/03/08 9:33 p.m.45 views

[SECURITY] Fedora 34 Update: libxml2-2.9.13-1.fc34

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5CVSS0.5AI score0.0601EPSS
Exploits0
Huntr
Huntr
added 2021/10/13 6:33 a.m.11 views

Cross-site Scripting (XSS) - Reflected in jspark311/buriedunderthenoisefloor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
CNVD
CNVD
added 2021/06/17 12:0 a.m.13 views

Drupal Core Cross-Site Scripting Vulnerability (CNVD-2021-43374)

Drupal is an open source content management system developed by the Drupal community using the PHP language. A cross-site scripting vulnerability exists in Drupal Core, which can be exploited by an attacker to cause HTML to render affected forms...

6.1CVSS5.9AI score0.00662EPSS
Exploits0References1
Fedora
Fedora
added 2021/06/14 1:22 a.m.69 views

[SECURITY] Fedora 33 Update: libxml2-2.9.12-4.fc33

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

8.8CVSS0.5AI score0.0828EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2021/05/18 4:39 p.m.70 views

Moderate: Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update

An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.9CVSS7.1AI score0.8383EPSS
Exploits6References54
OSV
OSV
added 2021/05/18 6:14 a.m.45 views

ALSA-2021:1846 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: jquery: Passing HTML containing elements to manipulation methods could result in untrusted code executio...

6.9CVSS7.5AI score0.8383EPSS
Exploits6References2
OSV
OSV
added 2021/05/18 6:14 a.m.39 views

RLSA-2021:1846 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: jquery: Passing HTML containing elements to manipulation methods could result...

6.1CVSS7.5AI score0.8383EPSS
Exploits6References53
RedHat Linux
RedHat Linux
added 2020/12/15 7:2 p.m.72 views

Moderate: Red Hat Security Advisory: python-XStatic-jQuery224 security update

An update for python-XStatic-jQuery224 is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

6.9CVSS7.1AI score0.8383EPSS
Exploits6References2
GithubExploit
GithubExploit
added 2020/10/15 2:6 p.m.140 views

Exploit for Cross-site Scripting in Olimpoks Olimpok

CVE-2020-16270 Suggested description: OLIMPOKS under 3...

6.1CVSS6.3AI score0.13112EPSS
Exploits1
Rows per page
Query Builder